Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win32 Heur causing multiple computer errors

Started by Joolker , Mar 31 2011 09:50 AM

  • This topic is locked This topic is locked

#1
Joolker
Posted 31 March 2011 - 09:50 AM

Joolker

    Member

  • Member
  • PipPip
  • 28 posts
Keeps being picked up by AVG in my svchost.exe file. I believe this could be an 'aftermath' of the 'System Tool' virus which I managed to get rid of myself, although I think it could have left some things behind. I don't have the file name as of yet but I believe it was in the format of (awful random mixture of letters and numbers).gif. I don't know if this has anything to do with it but I often get a pop-up stating 'Host Process Services has stopped working' and my start bar often goes grey and plain, much like a servers start bar would.

I also don't know if it has any relevance but i've been getting random blue screen alot lately. Doesn't seem to have caused much major damage, just a slower computer and an extreme annoyance when I randomly get blue screen. I have no idea at all how I could have acquired this as my anti-virus is always up-to-date and I am careful about what I download. I believe this form of malware has also stopped me from performing a full 'Dell Factory Image Restore' as when I try to perform this I am brought to a login screen with 'Other User' as the only account and that account doesn't even exist.

OTL LOG:

OTL logfile created on: 31/03/2011 16:43:58 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Josh\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 53.29 Gb Free Space | 39.66% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.35 Gb Free Space | 36.55% Space Free | Partition Type: NTFS
Drive E: | 2.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: J00LK3R | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 16:42:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Downloads\OTL.exe
PRC - [2011/03/27 12:21:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/28 14:04:12 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2010/12/28 14:04:12 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2010/12/28 14:04:10 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/12/28 14:04:09 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2010/12/28 14:04:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2010/12/28 14:04:05 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2010/12/28 14:04:05 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2010/04/05 17:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 14:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 16:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/03/22 18:21:17 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/01/09 18:06:32 | 001,735,760 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/12/15 05:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/15 05:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/15 05:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/10/04 19:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 19:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/24 04:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/06/03 21:54:56 | 000,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 20:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/07 23:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 23:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (SafeList) ==========

MOD - [2011/03/31 16:42:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Downloads\OTL.exe
MOD - [2010/12/28 14:04:12 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/28 14:04:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/12/28 14:04:05 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/22 16:06:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/12/15 05:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/15 05:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/10/04 19:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/24 04:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/05/07 23:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/12/28 14:04:12 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/12/28 14:04:12 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/12/28 14:04:11 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/28 14:04:05 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/04/15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/22 11:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/15 05:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/09/03 09:44:22 | 000,269,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/09/03 09:44:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/01/21 03:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/30 21:25:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 12:21:29 | 000,000,000 | ---D | M]

[2011/02/28 16:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2011/03/31 15:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\extensions
[2011/03/24 16:35:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/31 15:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/24 08:22:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/27 12:21:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/27 12:21:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/27 12:21:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/27 12:21:24 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.53 213.109.73.74
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/19 21:00:00 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/31 15:59:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/31 15:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/31 15:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/24 16:49:36 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2011/03/23 23:03:34 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Otax
[2011/03/23 12:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\nAkLjJaHeKk05200
[2011/03/23 11:24:59 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\keep
[2011/03/22 23:30:46 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\{F9DA099A-99DF-4352-9707-7852A1C2CC76}
[2011/03/16 20:33:23 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\Remote Assistance Logs
[2011/03/10 17:22:11 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Malwarebytes
[2011/03/10 17:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/10 17:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/03 17:30:12 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\botclient
[2011/03/02 18:05:29 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/31 16:41:47 | 000,604,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/31 16:41:47 | 000,107,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/31 16:35:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/31 16:35:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/31 16:35:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/31 16:34:54 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/31 16:34:49 | 272,235,771 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/31 15:30:11 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/31 15:08:11 | 073,393,491 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/03/29 16:26:56 | 000,000,117 | ---- | M] () -- C:\Users\Josh\jagex_runescape_preferences2.dat
[2011/03/29 16:26:56 | 000,000,034 | ---- | M] () -- C:\Users\Josh\jagex_runescape_preferences.dat
[2011/03/28 15:42:07 | 000,042,877 | ---- | M] () -- C:\Users\Josh\Desktop\DSCF0808.JPG
[2011/03/28 15:41:43 | 000,012,288 | ---- | M] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/24 22:43:11 | 000,012,643 | ---- | M] () -- C:\Users\Josh\Documents\1301002912024.jpg
[2011/03/24 20:34:44 | 000,000,945 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/23 15:09:06 | 000,000,120 | ---- | M] () -- C:\Users\Josh\AppData\Local\Pxiti.dat
[2011/03/23 13:16:10 | 000,006,756 | ---- | M] () -- C:\Users\Josh\AppData\Local\d3d9caps.dat
[2011/03/23 11:31:53 | 092,870,238 | ---- | M] () -- C:\Users\Josh\Desktop\keep.rar
[2011/03/23 11:23:51 | 000,000,000 | ---- | M] () -- C:\Users\Josh\AppData\Local\Byirimimesumiwu.bin
[2011/03/22 22:53:14 | 000,034,508 | ---- | M] () -- C:\Users\Josh\Documents\200370_173890622663410_100001274193625_435525_3221838_n.jpg
[2011/03/10 22:58:45 | 000,279,711 | ---- | M] () -- C:\Users\Josh\Documents\tumblr_lhv2hxoX6J1qgv1igo1_500.png
[2011/03/03 17:17:51 | 029,485,363 | ---- | M] () -- C:\Users\Josh\Desktop\botclient.zip
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/31 15:30:11 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/28 15:41:41 | 000,042,877 | ---- | C] () -- C:\Users\Josh\Desktop\DSCF0808.JPG
[2011/03/24 22:43:04 | 000,012,643 | ---- | C] () -- C:\Users\Josh\Documents\1301002912024.jpg
[2011/03/24 20:34:44 | 000,000,945 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/24 17:06:47 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/24 16:49:21 | 3181,760,512 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/23 11:30:22 | 092,870,238 | ---- | C] () -- C:\Users\Josh\Desktop\keep.rar
[2011/03/22 23:30:48 | 000,000,120 | ---- | C] () -- C:\Users\Josh\AppData\Local\Pxiti.dat
[2011/03/22 23:30:48 | 000,000,000 | ---- | C] () -- C:\Users\Josh\AppData\Local\Byirimimesumiwu.bin
[2011/03/22 22:53:02 | 000,034,508 | ---- | C] () -- C:\Users\Josh\Documents\200370_173890622663410_100001274193625_435525_3221838_n.jpg
[2011/03/10 22:58:41 | 000,279,711 | ---- | C] () -- C:\Users\Josh\Documents\tumblr_lhv2hxoX6J1qgv1igo1_500.png
[2011/03/03 17:15:44 | 029,485,363 | ---- | C] () -- C:\Users\Josh\Desktop\botclient.zip
[2011/02/28 16:52:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/27 08:01:20 | 000,006,756 | ---- | C] () -- C:\Users\Josh\AppData\Local\d3d9caps.dat
[2011/01/07 20:26:07 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/12/27 15:27:22 | 000,012,288 | ---- | C] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/22 18:27:17 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/03/22 18:27:17 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/03/22 18:27:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/03/22 18:27:17 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/03/22 18:23:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/22 18:23:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/22 16:00:54 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/22 15:49:08 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/22 15:49:08 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/03/22 15:49:07 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/04 00:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:44:53 | 000,295,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,604,520 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,107,796 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/01/12 23:17:32 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\GetRightToGo
[2011/01/14 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\NetMedia Providers
[2011/03/24 16:35:10 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Opera
[2011/03/24 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Otax
[2011/01/14 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Publish Providers
[2011/01/14 18:47:43 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Sony
[2011/03/30 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Spotify
[2011/03/24 16:36:23 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\uTorrent
[2011/03/31 16:05:11 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Any help is greatly appreciated.

Thanks,
Josh
  • 0

Advertisements

#2
Joolker
Posted 31 March 2011 - 10:05 AM

Joolker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Don't know if it's even necessary but here is my extras log too:

OTL Extras logfile created on: 31/03/2011 16:43:58 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Josh\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 53.29 Gb Free Space | 39.66% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.35 Gb Free Space | 36.55% Space Free | Partition Type: NTFS
Drive E: | 2.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: J00LK3R | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17CCFED1-127C-41CA-9B07-D9D106A576FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{41C96BF8-F330-44D3-AC3C-3ED7FC1806E1}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023DA087-C7EB-46C4-AAE7-38B0550A6795}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{04B3BBEA-DFE8-4401-BACC-6881B341214A}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{146FC239-70C9-4C94-B7D8-4C23A55BEB8A}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{2042DBB2-BDF6-4CAA-BA32-F7927B037F16}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{232861FC-3205-4ADB-B8D6-E3CD6CB35BC6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A310D7E-FFC2-449E-9DDF-9820B3537D57}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{31A8C1FC-7E11-419A-847F-E22C62CB6053}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{51C39A59-CC4B-41F4-973B-37160572BA31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7CE9E1FE-26E7-4282-8BC9-60E83583454F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7E44D02D-1F84-45E8-86C1-D04B8C7F6CBE}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{8A90A1CD-7DF1-44CA-9389-98A7F34D3D43}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{8B57D82A-81F4-40B4-ABF3-39FBC09F439F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8CB4759C-471A-442C-8EC5-56EDC5A2370D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8CC52B37-F4B7-4C5A-BDEA-60011CDC367F}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{950DB778-5ED0-42CE-8F96-AF13015720FF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{AC8D44B8-F4CA-435A-ADA8-B89BAF30D424}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{C6FFB224-6626-44A5-A3AB-5155FE48A729}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F61FED5F-BFDC-4D52-91CD-85DB5CF5F853}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F9DD65EB-A692-4DC7-AD85-6D1B670B25B9}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{FA0609B0-E5D7-4795-8F7E-3E708FE7AA51}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{0ECB2C6C-BAB1-43B0-A603-8A8A33D422D2}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{BE0BEC9F-031E-4BC9-B559-F3C9EB76E1CD}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{10B39DCD-0325-49FE-BFBC-8EC011CB7CA8}" = ACID Pro 7.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E97C937C-AE21-453D-86A0-A231507543D1}" = ACID Music Studio 8.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AVG8Uninstall" = AVG 8.5
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LastFM_is1" = Last.fm 1.5.4.27091
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Opera 11.01.1190" = Opera 11.01
"Spotify" = Spotify
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winrar 3.93" = Winrar 3.93
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/03/2011 06:48:43 | Computer Name = j00lk3r | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2039121

Error - 26/03/2011 06:48:43 | Computer Name = j00lk3r | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2039121

Error - 26/03/2011 06:48:45 | Computer Name = j00lk3r | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/03/2011 06:48:45 | Computer Name = j00lk3r | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2040915

Error - 26/03/2011 06:48:45 | Computer Name = j00lk3r | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2040915

Error - 26/03/2011 06:48:46 | Computer Name = j00lk3r | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/03/2011 06:48:46 | Computer Name = j00lk3r | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2042241

Error - 26/03/2011 06:48:46 | Computer Name = j00lk3r | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2042241

Error - 26/03/2011 06:54:21 | Computer Name = j00lk3r | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.22777, time stamp 0x4cb72ffe,
exception code 0xc000071b, fault offset 0x00089501, process id 0x490, application
start time 0x01cbeb9e13469eaa.

Error - 27/03/2011 06:49:33 | Computer Name = j00lk3r | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.22777, time stamp 0x4cb72ffe,
exception code 0xc000071b, fault offset 0x00089501, process id 0x494, application
start time 0x01cbec69cd23a754.

[ Broadcom Wireless LAN Events ]
Error - 30/01/2011 07:02:51 | Computer Name = j00lk3r | Source = WLAN-Tray | ID = 0
Description = 11:02:51, Sun, Jan 30, 11 Error - Unable to gain access to user store


Error - 06/02/2011 16:26:50 | Computer Name = j00lk3r | Source = WLAN-Tray | ID = 0
Description = 20:26:50, Sun, Feb 06, 11 Error - Unable to gain access to user store


Error - 24/02/2011 05:39:07 | Computer Name = j00lk3r | Source = WLAN-Tray | ID = 0
Description = 09:39:06, Thu, Feb 24, 11 Error - Unable to gain access to user store


[ System Events ]
Error - 01/01/2011 11:33:41 | Computer Name = j00lk3r | Source = Service Control Manager | ID = 7000
Description =

Error - 02/01/2011 08:59:52 | Computer Name = j00lk3r | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 02/01/2011 09:00:21 | Computer Name = j00lk3r | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 00225F7DBE1B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 02/01/2011 09:00:22 | Computer Name = j00lk3r | Source = HTTP | ID = 15016
Description =

Error - 02/01/2011 09:01:45 | Computer Name = j00lk3r | Source = Service Control Manager | ID = 7000
Description =

Error - 02/01/2011 09:01:45 | Computer Name = j00lk3r | Source = Service Control Manager | ID = 7000
Description =

Error - 02/01/2011 09:10:07 | Computer Name = j00lk3r | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:08:42 on 02/01/2011 was unexpected.

Error - 02/01/2011 09:09:44 | Computer Name = j00lk3r | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 02/01/2011 09:09:54 | Computer Name = j00lk3r | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 02/01/2011 09:10:16 | Computer Name = j00lk3r | Source = HTTP | ID = 15016
Description =


< End of report >


  • 0

#3
sempai
Posted 04 April 2011 - 08:28 AM

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello Joolker and welcome to G2G. :D

Please do not put the logs in Quote tags.


1. I need to see a fresh log, please run another OTL scan and post the new report.



2. Download GMER Rootkit Scanner from here.
  • Extract the contents of the zipped file to the desktop.
  • Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
  • In the right panel you will see several boxes that have been checked. Unchecked the following checkboxes:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Now click on the Scan button and wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.
  • Post the contents of that report when you reply.



3. When the computer crashes after restart the system makes dump files (Minixxxxx.dmp where x represent a number).  I need to see the file to find the cause of the crash.

Use Windows Advanced Search to find the file, to do that:
  • Press the Windows Key + F to open Advanced Search window.
  • On the right side of open window click on the drop down arrow by Advanced Search.
  • Click on the drop down arrow to the right of Location and select Computer.
  • Put a checkmark next to the Include non-indexed, hidden, and system files box.
  • On the right side in the Name field, type in mini*.dmp to search for and click search.
  • Zip the file and attach it to your reply.  To attach the file:
  • When you press the ADDREPLY, under the reply window press Browse... show the path to the zip-file on your computer:
  • Highlight the zip-file and click Open then press the green UPLOAD button.

  • 0

#4
Joolker
Posted 05 April 2011 - 10:50 AM

Joolker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Hello sempai, thanks for your response. Will follow instructions now:

OTL log

OTL logfile created on: 05/04/2011 17:45:55 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Josh\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 52.54 Gb Free Space | 39.10% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.35 Gb Free Space | 36.55% Space Free | Partition Type: NTFS

Computer Name: J00LK3R | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 16:42:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Downloads\OTL.exe
PRC - [2011/03/27 12:21:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/21 10:32:02 | 001,752,136 | ---- | M] (ManyCam LLC) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
PRC - [2010/06/18 22:02:20 | 001,423,520 | ---- | M] () -- C:\Program Files\No-IP\DUC30.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/05 17:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 14:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 16:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/03/22 18:21:17 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/01/09 18:06:32 | 001,735,760 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/12/15 05:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/15 05:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/15 05:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/10/04 19:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 19:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/24 04:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/06/03 21:54:56 | 000,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 20:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/07 23:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 23:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/21 03:33:22 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2008/01/21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (SafeList) ==========

MOD - [2011/03/31 16:42:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Downloads\OTL.exe
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (avg8wd)
SRV - File not found [Auto | Stopped] -- -- (avg8emc)
SRV - [2009/03/22 16:06:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/12/15 05:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/15 05:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/10/04 19:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/24 04:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/05/07 23:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/04/15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/22 11:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/15 05:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/09/03 09:44:22 | 000,269,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/09/03 09:44:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/01/21 03:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com?o=...68&l=dis&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.ask.com?o=...8&l=dis&gct=hp"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYGB&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/30 21:25:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 12:21:29 | 000,000,000 | ---D | M]

[2011/02/28 16:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2011/04/04 20:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\extensions
[2011/03/24 16:35:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/31 17:27:50 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/04/04 20:22:53 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\extensions\[email protected]
[2011/04/04 20:22:54 | 000,002,575 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\searchplugins\askcom.xml
[2011/04/04 20:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/24 08:22:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/27 12:21:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/27 12:21:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/27 12:21:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/27 12:21:24 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.53 213.109.73.74
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/04 20:13:11 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\ManyCam
[2011/04/04 20:07:18 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManyCam
[2011/04/04 20:07:12 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\ManyCam
[2011/04/04 20:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/04/04 20:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam
[2011/04/04 18:58:03 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\New Folder (3)
[2011/04/04 18:11:41 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Vitalwerks
[2011/04/04 18:11:24 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
[2011/04/04 18:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2011/03/31 15:59:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/31 15:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/31 15:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/24 16:49:36 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2011/03/23 23:03:34 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Otax
[2011/03/23 12:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\nAkLjJaHeKk05200
[2011/03/23 11:24:59 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\keep
[2011/03/22 23:30:46 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\{F9DA099A-99DF-4352-9707-7852A1C2CC76}
[2011/03/16 20:33:23 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\Remote Assistance Logs
[2011/03/10 17:22:11 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Malwarebytes
[2011/03/10 17:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/10 17:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/05 17:45:22 | 000,293,019 | ---- | M] () -- C:\Users\Josh\Desktop\gmer.zip
[2011/04/05 17:44:54 | 000,012,288 | ---- | M] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/05 17:41:29 | 000,604,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/05 17:41:29 | 000,107,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/05 17:34:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 17:34:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 17:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/05 17:33:43 | 3179,696,128 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/04 22:40:54 | 000,000,117 | ---- | M] () -- C:\Users\Josh\jagex_runescape_preferences2.dat
[2011/04/04 21:42:04 | 000,000,034 | ---- | M] () -- C:\Users\Josh\jagex_runescape_preferences.dat
[2011/04/04 20:34:54 | 000,000,000 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\chrtmp
[2011/04/04 20:34:48 | 000,352,256 | ---- | M] () -- C:\Users\Josh\Desktop\fgxf.exe
[2011/04/04 20:07:18 | 000,000,934 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2011/04/04 20:07:18 | 000,000,910 | ---- | M] () -- C:\Users\Josh\Desktop\ManyCam.lnk
[2011/04/04 19:51:29 | 000,380,928 | ---- | M] () -- C:\Users\Josh\Desktop\mypictures.exe
[2011/04/04 18:57:43 | 000,567,556 | ---- | M] () -- C:\Users\Josh\Desktop\iStealer 6.0.rar
[2011/04/04 18:37:00 | 000,000,056 | ---- | M] () -- C:\Users\Josh\Desktop\computer_gender.vbs
[2011/04/04 18:13:01 | 270,597,083 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/04 17:28:02 | 000,000,372 | ---- | M] () -- C:\Users\Josh\Documents - Shortcut.lnk
[2011/04/04 15:02:22 | 074,038,653 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm.install_backup
[2011/04/02 12:33:38 | 000,009,845 | ---- | M] () -- C:\Users\Josh\Desktop\DSCF0904 - Copy.JPG
[2011/04/02 12:19:20 | 001,599,243 | ---- | M] () -- C:\Users\Josh\Desktop\DSCF0904.JPG
[2011/04/02 10:46:17 | 000,137,405 | ---- | M] () -- C:\Users\Josh\Desktop\11-0147_igo_app_phase_2.pdf
[2011/03/31 15:30:11 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/28 15:42:07 | 000,042,877 | ---- | M] () -- C:\Users\Josh\Desktop\DSCF0808.JPG
[2011/03/24 22:43:11 | 000,012,643 | ---- | M] () -- C:\Users\Josh\Documents\1301002912024.jpg
[2011/03/24 20:34:44 | 000,000,945 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/23 15:09:06 | 000,000,120 | ---- | M] () -- C:\Users\Josh\AppData\Local\Pxiti.dat
[2011/03/23 13:16:10 | 000,006,756 | ---- | M] () -- C:\Users\Josh\AppData\Local\d3d9caps.dat
[2011/03/23 11:31:53 | 092,870,238 | ---- | M] () -- C:\Users\Josh\Desktop\keep.rar
[2011/03/23 11:23:51 | 000,000,000 | ---- | M] () -- C:\Users\Josh\AppData\Local\Byirimimesumiwu.bin
[2011/03/22 22:53:14 | 000,034,508 | ---- | M] () -- C:\Users\Josh\Documents\200370_173890622663410_100001274193625_435525_3221838_n.jpg
[2011/03/20 17:07:56 | 000,301,568 | ---- | M] () -- C:\Users\Josh\Desktop\gmer.exe
[2011/03/10 22:58:45 | 000,279,711 | ---- | M] () -- C:\Users\Josh\Documents\tumblr_lhv2hxoX6J1qgv1igo1_500.png
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/05 17:47:23 | 000,301,568 | ---- | C] () -- C:\Users\Josh\Desktop\gmer.exe
[2011/04/05 17:45:23 | 000,293,019 | ---- | C] () -- C:\Users\Josh\Desktop\gmer.zip
[2011/04/04 20:34:54 | 000,000,000 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\chrtmp
[2011/04/04 20:34:48 | 000,352,256 | ---- | C] () -- C:\Users\Josh\Desktop\fgxf.exe
[2011/04/04 20:07:18 | 000,000,934 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2011/04/04 20:07:18 | 000,000,910 | ---- | C] () -- C:\Users\Josh\Desktop\ManyCam.lnk
[2011/04/04 19:48:28 | 000,028,436 | ---- | C] () -- C:\Users\Josh\Desktop\e354234.jpg
[2011/04/04 18:37:00 | 000,000,056 | ---- | C] () -- C:\Users\Josh\Desktop\computer_gender.vbs
[2011/04/04 17:28:02 | 000,000,372 | ---- | C] () -- C:\Users\Josh\Documents - Shortcut.lnk
[2011/04/02 12:19:22 | 000,009,845 | ---- | C] () -- C:\Users\Josh\Desktop\DSCF0904 - Copy.JPG
[2011/04/02 12:19:00 | 001,599,243 | ---- | C] () -- C:\Users\Josh\Desktop\DSCF0904.JPG
[2011/04/02 10:46:17 | 000,137,405 | ---- | C] () -- C:\Users\Josh\Desktop\11-0147_igo_app_phase_2.pdf
[2011/03/31 15:30:11 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/28 15:41:41 | 000,042,877 | ---- | C] () -- C:\Users\Josh\Desktop\DSCF0808.JPG
[2011/03/24 22:43:04 | 000,012,643 | ---- | C] () -- C:\Users\Josh\Documents\1301002912024.jpg
[2011/03/24 20:34:44 | 000,000,945 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/24 17:06:47 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/24 16:49:21 | 3179,696,128 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/23 11:30:22 | 092,870,238 | ---- | C] () -- C:\Users\Josh\Desktop\keep.rar
[2011/03/22 23:30:48 | 000,000,120 | ---- | C] () -- C:\Users\Josh\AppData\Local\Pxiti.dat
[2011/03/22 23:30:48 | 000,000,000 | ---- | C] () -- C:\Users\Josh\AppData\Local\Byirimimesumiwu.bin
[2011/03/22 22:53:02 | 000,034,508 | ---- | C] () -- C:\Users\Josh\Documents\200370_173890622663410_100001274193625_435525_3221838_n.jpg
[2011/03/10 22:58:41 | 000,279,711 | ---- | C] () -- C:\Users\Josh\Documents\tumblr_lhv2hxoX6J1qgv1igo1_500.png
[2011/02/28 16:52:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/27 08:01:20 | 000,006,756 | ---- | C] () -- C:\Users\Josh\AppData\Local\d3d9caps.dat
[2011/01/07 20:26:07 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/12/27 15:27:22 | 000,012,288 | ---- | C] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/22 18:27:17 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/03/22 18:27:17 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/03/22 18:27:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/03/22 18:27:17 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/03/22 18:23:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/22 18:23:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/22 16:00:54 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/22 15:49:08 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/22 15:49:08 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/03/22 15:49:07 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/04 00:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:44:53 | 000,295,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,604,520 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,107,796 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/01/12 23:17:32 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\GetRightToGo
[2011/04/04 20:13:11 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ManyCam
[2011/01/14 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\NetMedia Providers
[2011/03/24 16:35:10 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Opera
[2011/03/24 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Otax
[2011/01/14 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Publish Providers
[2011/01/14 18:47:43 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Sony
[2011/03/31 19:29:34 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Spotify
[2011/03/24 16:36:23 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\uTorrent
[2011/04/03 11:01:00 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
  • 0

#5
Joolker
Posted 05 April 2011 - 10:53 AM

Joolker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
GMER Rootkit Scanner log:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-05 17:53:03
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD16 rev.11.0
Running: gmer.exe; Driver: C:\Users\Josh\AppData\Local\Temp\uwddypod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1076] ole32.dll!CoCreateInstance 76DFE2D8 5 Bytes JMP 0024000A
.text C:\Windows\system32\svchost.exe[1076] USER32.dll!GetForegroundWindow 76FEE697 5 Bytes JMP 00B8000A
.text C:\Windows\system32\svchost.exe[1076] USER32.dll!GetCursorPos 77000F5E 5 Bytes JMP 00B6000A
.text C:\Windows\system32\svchost.exe[1076] USER32.dll!WindowFromPoint 77013ADE 5 Bytes JMP 00B7000A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] kernel32.dll!FindResourceExA 76F308DD 7 Bytes JMP 2806C810 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] kernel32.dll!FindResourceA 76F309A5 5 Bytes JMP 2806C780 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] kernel32.dll!CreateEventA 76F44AD8 5 Bytes JMP 2806C2E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] kernel32.dll!LockResource 76F47F1F 5 Bytes JMP 2806C9C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] kernel32.dll!FindResourceExW 76F4813B 7 Bytes JMP 2806C700 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] kernel32.dll!LoadResource 76F48213 7 Bytes JMP 2806C8A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] kernel32.dll!FindResourceW 76F497C7 5 Bytes JMP 2806C680 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] kernel32.dll!SizeofResource 76F497E5 7 Bytes JMP 2806C950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] ADVAPI32.dll!CryptDeriveKey 76CEE6F6 7 Bytes JMP 2806BDF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] ADVAPI32.dll!CryptDecrypt 76CEE8D9 7 Bytes JMP 2806BE50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] USER32.dll!SetWindowPlacement 76FE79BB 5 Bytes JMP 2806FDC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] USER32.dll!SetWindowRgn 76FE95E2 2 Bytes JMP 2806FE60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] USER32.dll!SetWindowRgn + 3 76FE95E5 4 Bytes [08, B1, CC, CC]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] USER32.dll!LoadImageW 76FED61D 5 Bytes JMP 280705A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] USER32.dll!LoadIconW 76FEEC94 5 Bytes JMP 28070720 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] USER32.dll!CreateWindowExW 76FF3D67 5 Bytes JMP 2806DDE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] USER32.dll!GetWindowLongW 76FFF67F 7 Bytes JMP 28070850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] USER32.dll!PeekMessageW 76FFFD9F 5 Bytes JMP 2806E850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] USER32.dll!TrackPopupMenuEx 77010F4D 5 Bytes JMP 2806EED0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] USER32.dll!CreateDialogParamW 77011C58 5 Bytes JMP 2806FF10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] USER32.dll!MessageBoxIndirectW 7703D56B 5 Bytes JMP 28070140 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] SHELL32.dll!Shell_NotifyIconW 75A4C808 5 Bytes JMP 2806D550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] ole32.dll!CoRegisterClassObject 76DC45AC 5 Bytes JMP 2806CD20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] ole32.dll!CoInitializeEx 76DFB9A2 5 Bytes JMP 2806CC20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] ole32.dll!CoCreateInstance 76DFE2D8 5 Bytes JMP 2806CFA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] WININET.dll!InternetReadFile 7668654B 5 Bytes JMP 280738C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] WININET.dll!InternetCloseHandle 76689088 5 Bytes JMP 28073A00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] WININET.dll!HttpOpenRequestA 7668D508 5 Bytes JMP 28073760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1336] WININET.dll!HttpSendRequestA 7669EE89 5 Bytes JMP 28073960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!LdrLoadDll 772979B3 3 Bytes JMP 012A13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!LdrLoadDll + 4 772979B7 1 Byte [8A]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD1600BEVT-75ZCT2___________________11.01A11#4&27fab17b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
  • 0

#6
Joolker
Posted 05 April 2011 - 10:59 AM

Joolker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
There were multiple *.dmp files found so I just zipped them all

Attached Files


Edited by Joolker, 05 April 2011 - 10:59 AM.

  • 0

#7
sempai
Posted 06 April 2011 - 09:06 AM

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Are you somewhere in Russia? What is your Anti virus program?


P2P Warning:

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case µTorrent).

These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


=============================================



1. Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while its running because it may call it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.





2. Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.

  • 0

#8
Joolker
Posted 06 April 2011 - 10:32 AM

Joolker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Hello,

Nope, I am in England, what makes you say that? And I usually use AVG but I had to un-install it to (try to) use ComboFix.

Seem to have another issue.. All was working fine, computer rebooted as it said a rootkit was detected and it came back on and continued, and got to Stage 4, I left the room for a drink and when I came back my system had rebooted. I logged back in presuming this was a second reboot as part of the process, only to find that I had been blue screened half way through. I have attempted to run ComboFix multiple times but it just keeps blue-screening at the end of the ComboFix loading bar.
  • 0

#9
sempai
Posted 06 April 2011 - 10:49 AM

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts

Nope, I am in England, what makes you say that?

Part of the infection is Domain hijack and the IP address is pointing to Russia, just need to clarify it before making any actions. Please proceed with TDSSKiller.
  • 0

#10
Joolker
Posted 06 April 2011 - 10:59 AM

Joolker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I do get google redirect alot, I thought I possibly had a router virus or something of the sort

2011/04/06 17:56:39.0719 3624 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/06 17:56:39.0999 3624 ================================================================================
2011/04/06 17:56:39.0999 3624 SystemInfo:
2011/04/06 17:56:39.0999 3624
2011/04/06 17:56:39.0999 3624 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/06 17:56:39.0999 3624 Product type: Workstation
2011/04/06 17:56:39.0999 3624 ComputerName: J00LK3R
2011/04/06 17:56:40.0000 3624 UserName: Josh
2011/04/06 17:56:40.0000 3624 Windows directory: C:\Windows
2011/04/06 17:56:40.0000 3624 System windows directory: C:\Windows
2011/04/06 17:56:40.0000 3624 Processor architecture: Intel x86
2011/04/06 17:56:40.0000 3624 Number of processors: 1
2011/04/06 17:56:40.0000 3624 Page size: 0x1000
2011/04/06 17:56:40.0000 3624 Boot type: Normal boot
2011/04/06 17:56:40.0000 3624 ================================================================================
2011/04/06 17:56:40.0341 3624 Initialize success
2011/04/06 17:56:48.0735 2152 ================================================================================
2011/04/06 17:56:48.0735 2152 Scan started
2011/04/06 17:56:48.0735 2152 Mode: Manual;
2011/04/06 17:56:48.0735 2152 ================================================================================
2011/04/06 17:56:49.0707 2152 ACPI (0cee59e4613bf65e2fd37e544ad66bdb) C:\Windows\system32\drivers\acpi.sys
2011/04/06 17:56:50.0387 2152 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/06 17:56:51.0021 2152 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/06 17:56:51.0672 2152 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/06 17:56:52.0284 2152 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/06 17:56:52.0959 2152 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/06 17:56:53.0607 2152 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/06 17:56:53.0890 2152 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/06 17:56:53.0994 2152 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/06 17:56:54.0608 2152 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/06 17:56:54.0852 2152 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/06 17:56:54.0933 2152 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/06 17:56:55.0538 2152 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/06 17:56:55.0822 2152 ApfiltrService (448da519f3b6ffa158c513156053181e) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/04/06 17:56:56.0488 2152 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/06 17:56:57.0129 2152 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/06 17:56:57.0274 2152 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/06 17:56:57.0377 2152 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/04/06 17:56:57.0839 2152 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
2011/04/06 17:56:58.0473 2152 BCM43XX (b56999be8f22ba3071e4ceafa9e82e26) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/06 17:56:59.0174 2152 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/06 17:56:59.0301 2152 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/06 17:56:59.0469 2152 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/06 17:56:59.0512 2152 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/06 17:56:59.0539 2152 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/06 17:56:59.0604 2152 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/06 17:56:59.0657 2152 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/06 17:56:59.0686 2152 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/06 17:56:59.0714 2152 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/06 17:56:59.0783 2152 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/06 17:57:00.0672 2152 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/06 17:57:01.0296 2152 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/06 17:57:01.0348 2152 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/06 17:57:01.0417 2152 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
2011/04/06 17:57:01.0699 2152 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/06 17:57:02.0294 2152 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/06 17:57:02.0403 2152 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/06 17:57:02.0479 2152 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/06 17:57:02.0507 2152 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/06 17:57:03.0140 2152 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/04/06 17:57:03.0703 2152 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/04/06 17:57:03.0864 2152 drmkaud (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
2011/04/06 17:57:03.0955 2152 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/06 17:57:04.0717 2152 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/04/06 17:57:05.0382 2152 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/06 17:57:05.0452 2152 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/04/06 17:57:05.0701 2152 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/06 17:57:05.0784 2152 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/06 17:57:06.0093 2152 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/04/06 17:57:06.0718 2152 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/04/06 17:57:06.0802 2152 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/06 17:57:06.0849 2152 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/06 17:57:06.0883 2152 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/06 17:57:06.0919 2152 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/06 17:57:06.0958 2152 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/04/06 17:57:07.0607 2152 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/06 17:57:08.0242 2152 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/06 17:57:08.0369 2152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/06 17:57:08.0475 2152 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/06 17:57:09.0077 2152 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/06 17:57:09.0638 2152 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/06 17:57:09.0718 2152 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/06 17:57:09.0777 2152 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/06 17:57:09.0859 2152 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2011/04/06 17:57:09.0924 2152 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/06 17:57:10.0599 2152 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/06 17:57:10.0709 2152 iaStor (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\drivers\iastor.sys
2011/04/06 17:57:10.0772 2152 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/06 17:57:10.0917 2152 igfx (8dad27dd28a4274866767c89c0bf154f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/06 17:57:10.0996 2152 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/06 17:57:11.0646 2152 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/06 17:57:11.0693 2152 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/06 17:57:11.0917 2152 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/06 17:57:11.0972 2152 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/06 17:57:12.0005 2152 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/06 17:57:12.0068 2152 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/06 17:57:12.0092 2152 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/06 17:57:12.0183 2152 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/06 17:57:12.0263 2152 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/06 17:57:12.0314 2152 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/06 17:57:12.0342 2152 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/06 17:57:12.0449 2152 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/06 17:57:12.0521 2152 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/06 17:57:13.0167 2152 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/06 17:57:13.0231 2152 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/06 17:57:13.0270 2152 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/06 17:57:13.0380 2152 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/06 17:57:13.0407 2152 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/06 17:57:13.0436 2152 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/06 17:57:13.0505 2152 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/06 17:57:13.0540 2152 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/06 17:57:13.0594 2152 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/06 17:57:13.0615 2152 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/06 17:57:13.0641 2152 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/06 17:57:13.0672 2152 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/06 17:57:14.0279 2152 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/06 17:57:14.0823 2152 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/06 17:57:14.0885 2152 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/06 17:57:14.0921 2152 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/06 17:57:14.0982 2152 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/06 17:57:15.0042 2152 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/06 17:57:15.0097 2152 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/06 17:57:15.0695 2152 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/04/06 17:57:15.0759 2152 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/06 17:57:15.0800 2152 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/06 17:57:16.0405 2152 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/06 17:57:17.0041 2152 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/06 17:57:17.0063 2152 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/06 17:57:17.0120 2152 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/06 17:57:17.0143 2152 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/04/06 17:57:17.0177 2152 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/06 17:57:17.0210 2152 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/06 17:57:17.0238 2152 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/04/06 17:57:17.0352 2152 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/06 17:57:18.0005 2152 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2011/04/06 17:57:18.0485 2152 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/06 17:57:18.0519 2152 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/06 17:57:18.0556 2152 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/06 17:57:18.0585 2152 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/06 17:57:19.0195 2152 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/06 17:57:19.0721 2152 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/06 17:57:19.0797 2152 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/06 17:57:20.0337 2152 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/04/06 17:57:20.0371 2152 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/06 17:57:20.0444 2152 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/04/06 17:57:21.0067 2152 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/06 17:57:21.0090 2152 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/06 17:57:21.0148 2152 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/06 17:57:21.0196 2152 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/06 17:57:21.0227 2152 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/06 17:57:21.0418 2152 OA009Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\Windows\system32\DRIVERS\OA009Ufd.sys
2011/04/06 17:57:22.0012 2152 OA009Vid (d4e1f63a07c58563a73fd5aa20dcfb65) C:\Windows\system32\DRIVERS\OA009Vid.sys
2011/04/06 17:57:22.0648 2152 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/06 17:57:22.0707 2152 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/06 17:57:22.0741 2152 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/04/06 17:57:23.0188 2152 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/06 17:57:23.0244 2152 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/04/06 17:57:23.0318 2152 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/06 17:57:23.0398 2152 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/06 17:57:24.0002 2152 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/06 17:57:24.0601 2152 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/06 17:57:24.0621 2152 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/06 17:57:24.0722 2152 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/06 17:57:24.0802 2152 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/06 17:57:25.0470 2152 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/06 17:57:26.0070 2152 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/06 17:57:26.0159 2152 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/06 17:57:26.0303 2152 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/06 17:57:26.0334 2152 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/06 17:57:26.0373 2152 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/06 17:57:26.0399 2152 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/06 17:57:26.0425 2152 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/06 17:57:26.0469 2152 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/06 17:57:26.0491 2152 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/06 17:57:26.0538 2152 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/06 17:57:26.0559 2152 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/06 17:57:26.0642 2152 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/04/06 17:57:27.0278 2152 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/06 17:57:27.0324 2152 RTSTOR (8f6b5cfcd472fd3e54a68d211ec4617b) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/06 17:57:27.0383 2152 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/06 17:57:28.0001 2152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/06 17:57:28.0658 2152 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/06 17:57:28.0721 2152 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/06 17:57:28.0744 2152 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/06 17:57:28.0790 2152 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/06 17:57:28.0816 2152 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/06 17:57:28.0841 2152 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/06 17:57:28.0915 2152 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/06 17:57:28.0998 2152 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/06 17:57:29.0023 2152 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/06 17:57:29.0073 2152 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/06 17:57:29.0106 2152 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/04/06 17:57:29.0150 2152 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/06 17:57:29.0242 2152 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/04/06 17:57:29.0505 2152 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/06 17:57:30.0076 2152 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/06 17:57:30.0732 2152 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys
2011/04/06 17:57:30.0825 2152 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/06 17:57:30.0852 2152 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/06 17:57:30.0877 2152 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/06 17:57:30.0903 2152 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/06 17:57:31.0029 2152 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/04/06 17:57:31.0085 2152 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/06 17:57:31.0721 2152 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/06 17:57:31.0846 2152 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/06 17:57:31.0891 2152 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/06 17:57:31.0913 2152 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/06 17:57:31.0939 2152 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/06 17:57:32.0002 2152 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/06 17:57:32.0027 2152 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/06 17:57:32.0074 2152 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/06 17:57:32.0140 2152 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/06 17:57:32.0164 2152 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/06 17:57:32.0213 2152 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/06 17:57:32.0242 2152 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/06 17:57:32.0266 2152 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/06 17:57:32.0292 2152 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/06 17:57:32.0328 2152 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/06 17:57:32.0417 2152 usbccgp (4073a94046d5f1025766eefd6abdc8db) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/06 17:57:32.0878 2152 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/06 17:57:32.0941 2152 usbehci (8625e96957cb855413628abb306c7b89) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/06 17:57:32.0971 2152 usbhub (bc1912ebb127b4e0905c7574349c6dce) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/06 17:57:33.0012 2152 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/06 17:57:33.0035 2152 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/06 17:57:33.0106 2152 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/06 17:57:33.0167 2152 usbuhci (4ba9542f67c63979761f1e0b8ab7141f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/06 17:57:33.0251 2152 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/06 17:57:33.0280 2152 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/06 17:57:33.0301 2152 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/06 17:57:33.0326 2152 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/06 17:57:33.0397 2152 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/06 17:57:33.0490 2152 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/06 17:57:33.0890 2152 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/04/06 17:57:33.0944 2152 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/04/06 17:57:34.0010 2152 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/06 17:57:34.0066 2152 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/06 17:57:34.0107 2152 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 17:57:34.0126 2152 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 17:57:34.0163 2152 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/06 17:57:34.0228 2152 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/06 17:57:34.0380 2152 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/06 17:57:34.0683 2152 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/06 17:57:35.0255 2152 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/06 17:57:35.0337 2152 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/06 17:57:35.0463 2152 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/04/06 17:57:35.0543 2152 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/06 17:57:35.0548 2152 ================================================================================
2011/04/06 17:57:35.0548 2152 Scan finished
2011/04/06 17:57:35.0548 2152 ================================================================================
2011/04/06 17:57:35.0566 2136 Detected object count: 1
2011/04/06 17:57:43.0648 2136 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Skip

ALTHOUGH, usually when I get blue screen (it usually only lasts a couple of seconds before rebooting) i see iastor.sys mentioned

Edited by Joolker, 06 April 2011 - 11:00 AM.

  • 0

Advertisements

#11
sempai
Posted 06 April 2011 - 11:26 AM

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please do this and follow instructions carefully.
  • Close all other running programs.
  • Please run TDSSKiller.exe again and start the scan.
  • Do not change any setting after the scan and let it Cure any infections found.
  • Follow the prompts and reboot the computer when ask.
  • Once completed.. It will generate a report located at C:\TDSSKiller.Version_Date_Time_log.txt.
  • Please post the contents of that log when you reply.

  • 0

#12
Joolker
Posted 06 April 2011 - 11:36 AM

Joolker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
2011/04/06 17:56:39.0719 3624 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/06 17:56:39.0999 3624 ================================================================================
2011/04/06 17:56:39.0999 3624 SystemInfo:
2011/04/06 17:56:39.0999 3624
2011/04/06 17:56:39.0999 3624 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/06 17:56:39.0999 3624 Product type: Workstation
2011/04/06 17:56:39.0999 3624 ComputerName: J00LK3R
2011/04/06 17:56:40.0000 3624 UserName: Josh
2011/04/06 17:56:40.0000 3624 Windows directory: C:\Windows
2011/04/06 17:56:40.0000 3624 System windows directory: C:\Windows
2011/04/06 17:56:40.0000 3624 Processor architecture: Intel x86
2011/04/06 17:56:40.0000 3624 Number of processors: 1
2011/04/06 17:56:40.0000 3624 Page size: 0x1000
2011/04/06 17:56:40.0000 3624 Boot type: Normal boot
2011/04/06 17:56:40.0000 3624 ================================================================================
2011/04/06 17:56:40.0341 3624 Initialize success
2011/04/06 17:56:48.0735 2152 ================================================================================
2011/04/06 17:56:48.0735 2152 Scan started
2011/04/06 17:56:48.0735 2152 Mode: Manual;
2011/04/06 17:56:48.0735 2152 ================================================================================
2011/04/06 17:56:49.0707 2152 ACPI (0cee59e4613bf65e2fd37e544ad66bdb) C:\Windows\system32\drivers\acpi.sys
2011/04/06 17:56:50.0387 2152 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/06 17:56:51.0021 2152 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/06 17:56:51.0672 2152 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/06 17:56:52.0284 2152 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/06 17:56:52.0959 2152 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/06 17:56:53.0607 2152 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/06 17:56:53.0890 2152 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/06 17:56:53.0994 2152 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/06 17:56:54.0608 2152 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/06 17:56:54.0852 2152 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/06 17:56:54.0933 2152 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/06 17:56:55.0538 2152 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/06 17:56:55.0822 2152 ApfiltrService (448da519f3b6ffa158c513156053181e) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/04/06 17:56:56.0488 2152 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/06 17:56:57.0129 2152 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/06 17:56:57.0274 2152 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/06 17:56:57.0377 2152 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/04/06 17:56:57.0839 2152 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
2011/04/06 17:56:58.0473 2152 BCM43XX (b56999be8f22ba3071e4ceafa9e82e26) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/06 17:56:59.0174 2152 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/06 17:56:59.0301 2152 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/06 17:56:59.0469 2152 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/06 17:56:59.0512 2152 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/06 17:56:59.0539 2152 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/06 17:56:59.0604 2152 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/06 17:56:59.0657 2152 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/06 17:56:59.0686 2152 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/06 17:56:59.0714 2152 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/06 17:56:59.0783 2152 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/06 17:57:00.0672 2152 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/06 17:57:01.0296 2152 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/06 17:57:01.0348 2152 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/06 17:57:01.0417 2152 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
2011/04/06 17:57:01.0699 2152 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/06 17:57:02.0294 2152 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/06 17:57:02.0403 2152 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/06 17:57:02.0479 2152 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/06 17:57:02.0507 2152 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/06 17:57:03.0140 2152 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/04/06 17:57:03.0703 2152 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/04/06 17:57:03.0864 2152 drmkaud (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
2011/04/06 17:57:03.0955 2152 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/06 17:57:04.0717 2152 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/04/06 17:57:05.0382 2152 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/06 17:57:05.0452 2152 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/04/06 17:57:05.0701 2152 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/06 17:57:05.0784 2152 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/06 17:57:06.0093 2152 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/04/06 17:57:06.0718 2152 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/04/06 17:57:06.0802 2152 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/06 17:57:06.0849 2152 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/06 17:57:06.0883 2152 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/06 17:57:06.0919 2152 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/06 17:57:06.0958 2152 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/04/06 17:57:07.0607 2152 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/06 17:57:08.0242 2152 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/06 17:57:08.0369 2152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/06 17:57:08.0475 2152 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/06 17:57:09.0077 2152 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/06 17:57:09.0638 2152 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/06 17:57:09.0718 2152 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/06 17:57:09.0777 2152 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/06 17:57:09.0859 2152 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2011/04/06 17:57:09.0924 2152 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/06 17:57:10.0599 2152 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/06 17:57:10.0709 2152 iaStor (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\drivers\iastor.sys
2011/04/06 17:57:10.0772 2152 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/06 17:57:10.0917 2152 igfx (8dad27dd28a4274866767c89c0bf154f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/06 17:57:10.0996 2152 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/06 17:57:11.0646 2152 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/06 17:57:11.0693 2152 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/06 17:57:11.0917 2152 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/06 17:57:11.0972 2152 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/06 17:57:12.0005 2152 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/06 17:57:12.0068 2152 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/06 17:57:12.0092 2152 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/06 17:57:12.0183 2152 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/06 17:57:12.0263 2152 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/06 17:57:12.0314 2152 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/06 17:57:12.0342 2152 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/06 17:57:12.0449 2152 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/06 17:57:12.0521 2152 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/06 17:57:13.0167 2152 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/06 17:57:13.0231 2152 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/06 17:57:13.0270 2152 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/06 17:57:13.0380 2152 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/06 17:57:13.0407 2152 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/06 17:57:13.0436 2152 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/06 17:57:13.0505 2152 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/06 17:57:13.0540 2152 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/06 17:57:13.0594 2152 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/06 17:57:13.0615 2152 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/06 17:57:13.0641 2152 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/06 17:57:13.0672 2152 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/06 17:57:14.0279 2152 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/06 17:57:14.0823 2152 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/06 17:57:14.0885 2152 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/06 17:57:14.0921 2152 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/06 17:57:14.0982 2152 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/06 17:57:15.0042 2152 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/06 17:57:15.0097 2152 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/06 17:57:15.0695 2152 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/04/06 17:57:15.0759 2152 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/06 17:57:15.0800 2152 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/06 17:57:16.0405 2152 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/06 17:57:17.0041 2152 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/06 17:57:17.0063 2152 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/06 17:57:17.0120 2152 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/06 17:57:17.0143 2152 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/04/06 17:57:17.0177 2152 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/06 17:57:17.0210 2152 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/06 17:57:17.0238 2152 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/04/06 17:57:17.0352 2152 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/06 17:57:18.0005 2152 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2011/04/06 17:57:18.0485 2152 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/06 17:57:18.0519 2152 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/06 17:57:18.0556 2152 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/06 17:57:18.0585 2152 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/06 17:57:19.0195 2152 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/06 17:57:19.0721 2152 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/06 17:57:19.0797 2152 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/06 17:57:20.0337 2152 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/04/06 17:57:20.0371 2152 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/06 17:57:20.0444 2152 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/04/06 17:57:21.0067 2152 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/06 17:57:21.0090 2152 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/06 17:57:21.0148 2152 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/06 17:57:21.0196 2152 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/06 17:57:21.0227 2152 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/06 17:57:21.0418 2152 OA009Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\Windows\system32\DRIVERS\OA009Ufd.sys
2011/04/06 17:57:22.0012 2152 OA009Vid (d4e1f63a07c58563a73fd5aa20dcfb65) C:\Windows\system32\DRIVERS\OA009Vid.sys
2011/04/06 17:57:22.0648 2152 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/06 17:57:22.0707 2152 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/06 17:57:22.0741 2152 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/04/06 17:57:23.0188 2152 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/06 17:57:23.0244 2152 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/04/06 17:57:23.0318 2152 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/06 17:57:23.0398 2152 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/06 17:57:24.0002 2152 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/06 17:57:24.0601 2152 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/06 17:57:24.0621 2152 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/06 17:57:24.0722 2152 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/06 17:57:24.0802 2152 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/06 17:57:25.0470 2152 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/06 17:57:26.0070 2152 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/06 17:57:26.0159 2152 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/06 17:57:26.0303 2152 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/06 17:57:26.0334 2152 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/06 17:57:26.0373 2152 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/06 17:57:26.0399 2152 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/06 17:57:26.0425 2152 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/06 17:57:26.0469 2152 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/06 17:57:26.0491 2152 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/06 17:57:26.0538 2152 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/06 17:57:26.0559 2152 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/06 17:57:26.0642 2152 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/04/06 17:57:27.0278 2152 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/06 17:57:27.0324 2152 RTSTOR (8f6b5cfcd472fd3e54a68d211ec4617b) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/06 17:57:27.0383 2152 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/06 17:57:28.0001 2152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/06 17:57:28.0658 2152 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/06 17:57:28.0721 2152 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/06 17:57:28.0744 2152 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/06 17:57:28.0790 2152 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/06 17:57:28.0816 2152 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/06 17:57:28.0841 2152 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/06 17:57:28.0915 2152 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/06 17:57:28.0998 2152 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/06 17:57:29.0023 2152 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/06 17:57:29.0073 2152 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/06 17:57:29.0106 2152 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/04/06 17:57:29.0150 2152 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/06 17:57:29.0242 2152 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/04/06 17:57:29.0505 2152 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/06 17:57:30.0076 2152 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/06 17:57:30.0732 2152 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys
2011/04/06 17:57:30.0825 2152 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/06 17:57:30.0852 2152 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/06 17:57:30.0877 2152 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/06 17:57:30.0903 2152 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/06 17:57:31.0029 2152 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/04/06 17:57:31.0085 2152 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/06 17:57:31.0721 2152 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/06 17:57:31.0846 2152 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/06 17:57:31.0891 2152 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/06 17:57:31.0913 2152 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/06 17:57:31.0939 2152 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/06 17:57:32.0002 2152 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/06 17:57:32.0027 2152 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/06 17:57:32.0074 2152 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/06 17:57:32.0140 2152 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/06 17:57:32.0164 2152 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/06 17:57:32.0213 2152 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/06 17:57:32.0242 2152 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/06 17:57:32.0266 2152 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/06 17:57:32.0292 2152 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/06 17:57:32.0328 2152 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/06 17:57:32.0417 2152 usbccgp (4073a94046d5f1025766eefd6abdc8db) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/06 17:57:32.0878 2152 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/06 17:57:32.0941 2152 usbehci (8625e96957cb855413628abb306c7b89) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/06 17:57:32.0971 2152 usbhub (bc1912ebb127b4e0905c7574349c6dce) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/06 17:57:33.0012 2152 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/06 17:57:33.0035 2152 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/06 17:57:33.0106 2152 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/06 17:57:33.0167 2152 usbuhci (4ba9542f67c63979761f1e0b8ab7141f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/06 17:57:33.0251 2152 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/06 17:57:33.0280 2152 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/06 17:57:33.0301 2152 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/06 17:57:33.0326 2152 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/06 17:57:33.0397 2152 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/06 17:57:33.0490 2152 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/06 17:57:33.0890 2152 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/04/06 17:57:33.0944 2152 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/04/06 17:57:34.0010 2152 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/06 17:57:34.0066 2152 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/06 17:57:34.0107 2152 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 17:57:34.0126 2152 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 17:57:34.0163 2152 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/06 17:57:34.0228 2152 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/06 17:57:34.0380 2152 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/06 17:57:34.0683 2152 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/06 17:57:35.0255 2152 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/06 17:57:35.0337 2152 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/06 17:57:35.0463 2152 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/04/06 17:57:35.0543 2152 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/06 17:57:35.0548 2152 ================================================================================
2011/04/06 17:57:35.0548 2152 Scan finished
2011/04/06 17:57:35.0548 2152 ================================================================================
2011/04/06 17:57:35.0566 2136 Detected object count: 1
2011/04/06 17:57:43.0648 2136 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Skip
2011/04/06 18:29:00.0634 3964 ================================================================================
2011/04/06 18:29:00.0634 3964 Scan started
2011/04/06 18:29:00.0634 3964 Mode: Manual;
2011/04/06 18:29:00.0634 3964 ================================================================================
2011/04/06 18:29:02.0007 3964 ACPI (0cee59e4613bf65e2fd37e544ad66bdb) C:\Windows\system32\drivers\acpi.sys
2011/04/06 18:29:02.0787 3964 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/06 18:29:03.0411 3964 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/06 18:29:04.0752 3964 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/06 18:29:06.0609 3964 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/06 18:29:09.0042 3964 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/06 18:29:10.0493 3964 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/06 18:29:12.0973 3964 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/06 18:29:15.0157 3964 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/06 18:29:16.0281 3964 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/06 18:29:17.0388 3964 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/06 18:29:19.0182 3964 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/06 18:29:21.0039 3964 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/06 18:29:22.0583 3964 ApfiltrService (448da519f3b6ffa158c513156053181e) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/04/06 18:29:24.0377 3964 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/06 18:29:25.0219 3964 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/06 18:29:25.0843 3964 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/06 18:29:26.0233 3964 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/04/06 18:29:26.0452 3964 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
2011/04/06 18:29:26.0545 3964 BCM43XX (b56999be8f22ba3071e4ceafa9e82e26) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/06 18:29:26.0592 3964 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/06 18:29:26.0655 3964 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/06 18:29:26.0701 3964 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/06 18:29:26.0733 3964 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/06 18:29:26.0764 3964 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/06 18:29:26.0826 3964 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/06 18:29:26.0857 3964 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/06 18:29:26.0904 3964 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/06 18:29:26.0935 3964 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/06 18:29:27.0029 3964 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/06 18:29:27.0949 3964 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/06 18:29:27.0981 3964 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/06 18:29:28.0074 3964 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/06 18:29:28.0168 3964 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
2011/04/06 18:29:28.0230 3964 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/06 18:29:28.0807 3964 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/06 18:29:29.0447 3964 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/06 18:29:29.0619 3964 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/06 18:29:29.0665 3964 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/06 18:29:30.0617 3964 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/04/06 18:29:31.0647 3964 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/04/06 18:29:32.0567 3964 drmkaud (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
2011/04/06 18:29:34.0423 3964 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/06 18:29:35.0547 3964 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/04/06 18:29:36.0888 3964 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/06 18:29:38.0167 3964 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/04/06 18:29:39.0306 3964 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/06 18:29:41.0412 3964 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/06 18:29:43.0159 3964 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/04/06 18:29:43.0799 3964 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/04/06 18:29:44.0454 3964 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/06 18:29:45.0109 3964 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/06 18:29:45.0359 3964 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/06 18:29:45.0437 3964 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/06 18:29:45.0499 3964 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/04/06 18:29:45.0531 3964 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/06 18:29:45.0562 3964 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/06 18:29:45.0640 3964 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/06 18:29:45.0733 3964 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/06 18:29:45.0765 3964 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/06 18:29:45.0796 3964 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/06 18:29:45.0889 3964 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/06 18:29:45.0936 3964 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/06 18:29:46.0030 3964 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2011/04/06 18:29:46.0108 3964 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/06 18:29:46.0155 3964 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/06 18:29:46.0233 3964 iaStor (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\drivers\iastor.sys
2011/04/06 18:29:46.0311 3964 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/06 18:29:46.0435 3964 igfx (8dad27dd28a4274866767c89c0bf154f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/06 18:29:46.0545 3964 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/06 18:29:46.0638 3964 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/06 18:29:46.0669 3964 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/06 18:29:46.0716 3964 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/06 18:29:46.0779 3964 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/06 18:29:46.0825 3964 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/06 18:29:46.0950 3964 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/06 18:29:47.0028 3964 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/06 18:29:47.0106 3964 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/06 18:29:47.0137 3964 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/06 18:29:47.0169 3964 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/06 18:29:47.0200 3964 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/06 18:29:47.0231 3964 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/06 18:29:47.0325 3964 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/06 18:29:47.0418 3964 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/06 18:29:47.0465 3964 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/06 18:29:47.0527 3964 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/06 18:29:47.0605 3964 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/06 18:29:47.0637 3964 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/06 18:29:47.0699 3964 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/06 18:29:47.0808 3964 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/06 18:29:47.0871 3964 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/06 18:29:47.0902 3964 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/06 18:29:47.0949 3964 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/06 18:29:47.0980 3964 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/06 18:29:48.0011 3964 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/06 18:29:48.0042 3964 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/06 18:29:48.0073 3964 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/06 18:29:48.0136 3964 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/06 18:29:48.0167 3964 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/06 18:29:48.0245 3964 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/06 18:29:48.0323 3964 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/06 18:29:48.0401 3964 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/06 18:29:48.0463 3964 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/04/06 18:29:48.0573 3964 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/06 18:29:48.0619 3964 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/06 18:29:48.0666 3964 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/06 18:29:48.0729 3964 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/06 18:29:48.0760 3964 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/06 18:29:48.0791 3964 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/06 18:29:48.0822 3964 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/04/06 18:29:48.0869 3964 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/06 18:29:48.0900 3964 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/06 18:29:48.0947 3964 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/04/06 18:29:49.0056 3964 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/06 18:29:49.0119 3964 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2011/04/06 18:29:49.0150 3964 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/06 18:29:49.0197 3964 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/06 18:29:49.0228 3964 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/06 18:29:49.0259 3964 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/06 18:29:49.0290 3964 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/06 18:29:49.0321 3964 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/06 18:29:49.0399 3964 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/06 18:29:49.0431 3964 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/04/06 18:29:49.0477 3964 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/06 18:29:49.0571 3964 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/04/06 18:29:49.0649 3964 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/06 18:29:49.0680 3964 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/06 18:29:49.0711 3964 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/06 18:29:49.0743 3964 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/06 18:29:49.0789 3964 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/06 18:29:49.0930 3964 OA009Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\Windows\system32\DRIVERS\OA009Ufd.sys
2011/04/06 18:29:49.0992 3964 OA009Vid (d4e1f63a07c58563a73fd5aa20dcfb65) C:\Windows\system32\DRIVERS\OA009Vid.sys
2011/04/06 18:29:50.0039 3964 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/06 18:29:50.0086 3964 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/06 18:29:50.0133 3964 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/04/06 18:29:50.0164 3964 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/06 18:29:50.0226 3964 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/04/06 18:29:50.0320 3964 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/06 18:29:50.0351 3964 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/06 18:29:50.0413 3964 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/06 18:29:50.0538 3964 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/06 18:29:50.0569 3964 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/06 18:29:50.0694 3964 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/06 18:29:50.0725 3964 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/06 18:29:50.0835 3964 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/06 18:29:50.0866 3964 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/06 18:29:50.0913 3964 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/06 18:29:51.0053 3964 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/06 18:29:51.0100 3964 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/06 18:29:51.0131 3964 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/06 18:29:51.0178 3964 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/06 18:29:51.0209 3964 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/06 18:29:51.0256 3964 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/06 18:29:51.0303 3964 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/06 18:29:51.0349 3964 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/06 18:29:51.0396 3964 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/06 18:29:51.0427 3964 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/04/06 18:29:51.0505 3964 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/06 18:29:51.0568 3964 RTSTOR (8f6b5cfcd472fd3e54a68d211ec4617b) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/06 18:29:51.0615 3964 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/06 18:29:51.0677 3964 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/06 18:29:51.0724 3964 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/06 18:29:51.0786 3964 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/06 18:29:51.0817 3964 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/06 18:29:51.0880 3964 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/06 18:29:51.0911 3964 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/06 18:29:51.0942 3964 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/06 18:29:51.0973 3964 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/06 18:29:52.0020 3964 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/06 18:29:52.0067 3964 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/06 18:29:52.0114 3964 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/06 18:29:52.0161 3964 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/04/06 18:29:52.0207 3964 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/06 18:29:52.0301 3964 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/04/06 18:29:52.0379 3964 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/06 18:29:52.0410 3964 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/06 18:29:52.0504 3964 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys
2011/04/06 18:29:52.0582 3964 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/06 18:29:52.0629 3964 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/06 18:29:52.0660 3964 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/06 18:29:52.0691 3964 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/06 18:29:52.0816 3964 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/04/06 18:29:52.0894 3964 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/06 18:29:52.0925 3964 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/06 18:29:53.0019 3964 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/06 18:29:53.0050 3964 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/06 18:29:53.0097 3964 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/06 18:29:53.0143 3964 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/06 18:29:53.0221 3964 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/06 18:29:53.0253 3964 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/06 18:29:53.0284 3964 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/06 18:29:53.0331 3964 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/06 18:29:53.0362 3964 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/06 18:29:53.0440 3964 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/06 18:29:53.0487 3964 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/06 18:29:53.0518 3964 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/06 18:29:53.0565 3964 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/06 18:29:53.0596 3964 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/06 18:29:53.0689 3964 usbccgp (4073a94046d5f1025766eefd6abdc8db) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/06 18:29:53.0721 3964 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/06 18:29:53.0783 3964 usbehci (8625e96957cb855413628abb306c7b89) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/06 18:29:53.0830 3964 usbhub (bc1912ebb127b4e0905c7574349c6dce) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/06 18:29:53.0861 3964 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/06 18:29:53.0892 3964 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/06 18:29:53.0970 3964 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/06 18:29:54.0033 3964 usbuhci (4ba9542f67c63979761f1e0b8ab7141f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/06 18:29:54.0079 3964 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/06 18:29:54.0126 3964 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/06 18:29:54.0173 3964 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/06 18:29:54.0220 3964 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/06 18:29:54.0298 3964 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/06 18:29:54.0329 3964 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/06 18:29:54.0391 3964 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/04/06 18:29:54.0454 3964 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/04/06 18:29:54.0485 3964 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/06 18:29:54.0563 3964 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/06 18:29:54.0594 3964 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 18:29:54.0625 3964 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 18:29:54.0672 3964 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/06 18:29:54.0766 3964 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/06 18:29:54.0953 3964 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/06 18:29:55.0109 3964 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/06 18:29:55.0171 3964 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/06 18:29:55.0234 3964 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/06 18:29:55.0327 3964 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/04/06 18:29:55.0390 3964 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/06 18:29:55.0405 3964 ================================================================================
2011/04/06 18:29:55.0405 3964 Scan finished
2011/04/06 18:29:55.0405 3964 ================================================================================
2011/04/06 18:29:55.0421 2056 Detected object count: 1
2011/04/06 18:30:30.0864 2056 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/06 18:30:30.0864 2056 \HardDisk0 - ok
2011/04/06 18:30:30.0864 2056 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/06 18:30:37.0759 3780 Deinitialize success
  • 0

#13
Joolker
Posted 06 April 2011 - 11:48 AM

Joolker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Or this one? There was 2

2011/04/06 17:56:27.0664 3044 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/06 17:56:28.0057 3044 ================================================================================
2011/04/06 17:56:28.0057 3044 SystemInfo:
2011/04/06 17:56:28.0057 3044
2011/04/06 17:56:28.0058 3044 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/06 17:56:28.0058 3044 Product type: Workstation
2011/04/06 17:56:28.0058 3044 ComputerName: J00LK3R
2011/04/06 17:56:28.0058 3044 UserName: Josh
2011/04/06 17:56:28.0058 3044 Windows directory: C:\Windows
2011/04/06 17:56:28.0058 3044 System windows directory: C:\Windows
2011/04/06 17:56:28.0058 3044 Processor architecture: Intel x86
2011/04/06 17:56:28.0058 3044 Number of processors: 1
2011/04/06 17:56:28.0058 3044 Page size: 0x1000
2011/04/06 17:56:28.0058 3044 Boot type: Normal boot
2011/04/06 17:56:28.0058 3044 ================================================================================
2011/04/06 17:56:28.0398 3044 Initialize success
2011/04/06 17:56:38.0036 3964 Deinitialize success
  • 0

#14
sempai
Posted 06 April 2011 - 04:22 PM

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Please delete your copy of ComboFix (do not uninstall) and download a new copy and run it again.
  • 0

#15
Joolker
Posted 07 April 2011 - 03:42 AM

Joolker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
ComboFix 11-04-06.03 - Josh 07/04/2011 10:31:06.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.3034.1980 [GMT 1:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\system32\winlogon.exe
c:\users\Josh\AppData\Local\{F9DA099A-99DF-4352-9707-7852A1C2CC76}
c:\users\Josh\AppData\Local\{F9DA099A-99DF-4352-9707-7852A1C2CC76}\chrome\content\overlay.xul
c:\users\Josh\AppData\Local\{F9DA099A-99DF-4352-9707-7852A1C2CC76}\install.rdf
c:\users\Josh\AppData\Roaming\chrtmp
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 09:37 . 2011-04-07 09:38 -------- d-----w- c:\users\Josh\AppData\Local\temp
2011-04-07 09:37 . 2011-04-07 09:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-06 19:44 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{066D12CC-BC42-4150-B1BE-CBC7A21F396F}\mpengine.dll
2011-04-05 20:38 . 2011-04-07 09:37 -------- d-----w- C:\system32
2011-04-04 19:13 . 2011-04-04 19:24 -------- d-----w- c:\users\Josh\AppData\Local\ManyCam
2011-04-04 19:07 . 2011-04-04 19:13 -------- d-----w- c:\users\Josh\AppData\Roaming\ManyCam
2011-04-04 19:06 . 2011-04-04 19:07 -------- d-----w- c:\program files\ManyCam
2011-04-04 17:11 . 2011-04-04 17:11 -------- d-----w- c:\users\Josh\AppData\Local\Vitalwerks
2011-04-04 17:11 . 2011-04-04 17:11 -------- d-----w- c:\program files\No-IP
2011-04-01 06:28 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-04-01 06:28 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-04-01 06:28 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-04-01 06:28 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-04-01 06:28 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-04-01 06:28 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-04-01 06:28 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-31 14:30 . 2011-03-31 14:30 -------- d-----w- c:\program files\CCleaner
2011-03-24 16:05 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2011-03-24 15:50 . 2011-04-07 09:17 -------- d-----w- c:\windows\system32\wbem\repository
2011-03-23 22:03 . 2011-03-24 15:23 -------- d-----w- c:\users\Josh\AppData\Roaming\Otax
2011-03-23 11:40 . 2011-03-23 12:32 -------- d-----w- c:\programdata\nAkLjJaHeKk05200
2011-03-22 22:30 . 2011-03-23 10:23 0 ----a-w- c:\users\Josh\AppData\Local\Byirimimesumiwu.bin
2011-03-10 16:22 . 2011-03-10 16:22 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
2011-03-10 16:21 . 2011-03-23 14:17 -------- d-----w- c:\programdata\Malwarebytes
2011-03-10 16:21 . 2011-03-10 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 17:11 . 2010-12-28 02:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-19 17:17 . 2010-12-27 18:51 173360027 ----a-w- c:\windows\DUMP648c.tmp
2011-01-08 07:50 . 2011-02-09 21:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-09 21:08 292352 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2011-03-21 1752136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-22 15:06 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [x]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [x]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [x]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [x]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2008-09-03 144672]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2008-09-03 269216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com?o=102868&l=dis&gct=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 10:38
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Josh\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Completion time: 2011-04-07 10:41:35
ComboFix-quarantined-files.txt 2011-04-07 09:41
.
Pre-Run: 63,129,513,984 bytes free
Post-Run: 63,605,018,624 bytes free
.
- - End Of File - - 2C0286BF1EA9E2D643C4A8BD708E8C98
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP